1/*
2 * Copyright (C) 2004-2008, 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2001, 2003  Internet Software Consortium.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/* $Id: nsec.h,v 1.14 2011/06/10 23:47:32 tbox Exp $ */
19
20#ifndef DNS_NSEC_H
21#define DNS_NSEC_H 1
22
23/*! \file dns/nsec.h */
24
25#include <isc/lang.h>
26
27#include <dns/types.h>
28#include <dns/name.h>
29
30#define DNS_NSEC_BUFFERSIZE (DNS_NAME_MAXWIRE + 8192 + 512)
31
32ISC_LANG_BEGINDECLS
33
34isc_result_t
35dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version,
36		    dns_dbnode_t *node, dns_name_t *target,
37		    unsigned char *buffer, dns_rdata_t *rdata);
38/*%<
39 * Build the rdata of a NSEC record.
40 *
41 * Requires:
42 *\li	buffer	Points to a temporary buffer of at least
43 * 		DNS_NSEC_BUFFERSIZE bytes.
44 *\li	rdata	Points to an initialized dns_rdata_t.
45 *
46 * Ensures:
47 *  \li    *rdata	Contains a valid NSEC rdata.  The 'data' member refers
48 *		to 'buffer'.
49 */
50
51isc_result_t
52dns_nsec_build(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
53	       dns_name_t *target, dns_ttl_t ttl);
54/*%<
55 * Build a NSEC record and add it to a database.
56 */
57
58isc_boolean_t
59dns_nsec_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type);
60/*%<
61 * Determine if a type is marked as present in an NSEC record.
62 *
63 * Requires:
64 *\li	'nsec' points to a valid rdataset of type NSEC
65 */
66
67isc_result_t
68dns_nsec_nseconly(dns_db_t *db, dns_dbversion_t *version,
69		  isc_boolean_t *answer);
70/*
71 * Report whether the DNSKEY RRset has a NSEC only algorithm.  Unknown
72 * algorithms are assumed to support NSEC3.  If DNSKEY is not found,
73 * *answer is set to ISC_FALSE, and ISC_R_NOTFOUND is returned.
74 *
75 * Requires:
76 * 	'answer' to be non NULL.
77 */
78
79unsigned int
80dns_nsec_compressbitmap(unsigned char *map, const unsigned char *raw,
81			unsigned int max_type);
82/*%<
83 * Convert a raw bitmap into a compressed windowed bit map.  'map' and 'raw'
84 * may overlap.
85 *
86 * Returns the length of the compressed windowed bit map.
87 */
88
89void
90dns_nsec_setbit(unsigned char *array, unsigned int type, unsigned int bit);
91/*%<
92 * Set type bit in raw 'array' to 'bit'.
93 */
94
95isc_boolean_t
96dns_nsec_isset(const unsigned char *array, unsigned int type);
97/*%<
98 * Test if the corresponding 'type' bit is set in 'array'.
99 */
100
101isc_result_t
102dns_nsec_noexistnodata(dns_rdatatype_t type, dns_name_t *name,
103		       dns_name_t *nsecname, dns_rdataset_t *nsecset,
104		       isc_boolean_t *exists, isc_boolean_t *data,
105		       dns_name_t *wild, dns_nseclog_t log, void *arg);
106/*%
107 * Return ISC_R_SUCCESS if we can determine that the name doesn't exist
108 * or we can determine whether there is data or not at the name.
109 * If the name does not exist return the wildcard name.
110 *
111 * Return ISC_R_IGNORE when the NSEC is not the appropriate one.
112 */
113
114ISC_LANG_ENDDECLS
115
116#endif /* DNS_NSEC_H */
117